WordPress cache_lastpostdate - Arbitrary Code Execution

Software: WordPress
Versions: <= 1.5.1.3
Disclosure date: 2010-07-03
CVE: CVE-2005-2612
Classification: Arbitrary Code Execution

Details

WordPress versions prior to 1.5.1.3 are remotely exploitable if the web server on which they run has register_globals enabled in the PHP configuration. Perl code exists that automatically exploits vulnerable WP 1.5.1.3 sites, allowing an attacker to attempt code execution.

Solution

Update WordPress.
